/**
 * 配置
 * */
package org.zmhhxl.sample3.oauth2.a.configure;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 *    Cache-Control: no-cache, no-store, max-age=0, must-revalidate
 *    Pragma: no-cache
 *    Expires: 0
 *    X-Content-Type-Options: nosniff
 *    Strict-Transport-Security: max-age=31536000 ; includeSubDomains
 *    X-Frame-Options: DENY
 *    X-XSS-Protection: 0
 * */

//@Configuration
//@EnableWebSecurity
//public class CsrfSecurityConfig {
//   @Bean
//   public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
//      http.headers((headers) -> headers
//                  .disable()
//                  //.defaultsDisabled()
//                  //.addHeaderWriter("X-Frame-Options", "DENY")
//                  //.frameOptions((frameOptions) -> frameOptions.sameOrigin())
//                  //                  .frameOptions((frameOptions) -> frameOptions
////                        .sameOrigin()
////                  )
////            .contentSecurityPolicy(csp -> csp
////                  //frame-ancestors 'self';
////            //frame-src 'self'; connect-src 'self'; manifest-src 'self'; script-src 'self'; default-src 'self';
////            .policyDirectives("sandbox allow-forms allow-scripts;"))
//
//      );
//
//      return http.build();
//   }
//}
